Bug 1411709

Summary: sosreport data does not include the /var/lib/rhsm/* directory
Product: Red Hat Enterprise Linux 7 Reporter: Rich Jerrido <rjerrido>
Component: sosAssignee: Pavel Moravec <pmoravec>
Status: CLOSED ERRATA QA Contact: Miroslav Hradílek <mhradile>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.3CC: agk, bmr, gavin, isenfeld, mhradile, plambri, rjerrido, sbradley
Target Milestone: rcKeywords: OtherQA
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://github.com/sosreport/sos/pull/912
Whiteboard:
Fixed In Version: sos-3.4-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 23:08:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rich Jerrido 2017-01-10 11:10:27 UTC 
Description of problem:

Subscription-manager's runtime information, stored in /var/lib/rhsm/* is not collected via sosreport. This data (especially /var/lib/rhsm/facts.json) is useful for a support engineer to troubleshooting subscription related issues. 

Version-Release number of selected component (if applicable):
sos-3.3-5.el7_3.noarch

How reproducible:
100%

Steps to Reproduce:
1. run sosreport
2. extract the output of the sosreport tarball
3. note the missing /var/lib/rhsm/* directory. 



Expected results:
RHSM data in /var/lib/rhsm/* is collected in the sosreport. 


Additional info:

the sosreport command calls rhsm-debug with the --sos option to gather all subscription related data. And according to this snippet from '/usr/lib/python2.7/site-packages/rhsm_debug/debug_commands.py' included with the subscription-manager-1.17.15-1.el7.x86_64 package, it implies that sosreport previously collected this data. So this may be a possible regression.  


sos = self.options.sos
defaults = cfg.defaults()
# sosreport collects /etc/rhsm/* and /var/*/rhsm/*, so these would
# be redundant for sos
if not sos:
    # copy rhsm.conf specifically
    self._copy_cert_directory("/etc/rhsm", content_path)
    self._copy_directory('/var/log/rhsm', content_path)
    self._copy_directory('/var/lib/rhsm', content_path)


From what I can tell, /var/log/rhsm/* IS currently included via sos and /var/lib/rhsm/* is NOT.
Comment 2 Pavel Moravec 2017-01-10 12:33:15 UTC 
Can't there be some secret / password / SSL cert private file / whetever a customer does not want to share via sosreport?

Can't the directory get big (such that it takes redundant time to collect some crap)? Is whole /var/lib/rhsm required to collect? I.e. including /var/lib/rhsm/cache?

(I checked few my systems and no secret, nothing big in there, but worth asking in general)
Comment 3 Rich Jerrido 2017-01-10 12:59:30 UTC 
/var/lib/rhsm is primarily used for cached data (from the Customer Portal or Satellite) as well as runtime data for subscription-manager. potentially sensitive data/certs (such as identity and entitlement certs) are kept in /etc/pki. 

Regarding its size, /var/lib/rhsm/ is always expected to be small. (this is contrasted to /var/log/rhsm/ which can grow in size significantly.
Comment 4 Pavel Moravec 2017-01-10 13:11:17 UTC 
Thanks, upstream PR raised.

Since we will be short on QE resources for RHEL7.4 sosreport errata, if you wish to ensure the fix/enahncement is there, please state you will verify the BZ by yourself by:

- setting OtherQE keyword
- verifying sos build available since RHEL7.4 devel freeze (I will notify about this)
Comment 5 Pavel Moravec 2017-02-19 14:21:12 UTC 
(In reply to Pavel Moravec from comment #4)
> Thanks, upstream PR raised.
> 
> Since we will be short on QE resources for RHEL7.4 sosreport errata, if you
> wish to ensure the fix/enahncement is there, please state you will verify
> the BZ by yourself by:
> 
> - setting OtherQE keyword
> - verifying sos build available since RHEL7.4 devel freeze (I will notify
> about this)

forgot to raise needinfo
Comment 6 Pavel Moravec 2017-02-20 21:38:56 UTC 
Closed #912 via e2d7e03.
Comment 7 Rich Jerrido 2017-02-27 10:55:25 UTC 
(In reply to Pavel Moravec from comment #5)
> (In reply to Pavel Moravec from comment #4)
> > Thanks, upstream PR raised.
> > 
> > Since we will be short on QE resources for RHEL7.4 sosreport errata, if you
> > wish to ensure the fix/enahncement is there, please state you will verify
> > the BZ by yourself by:
> > 
> > - setting OtherQE keyword
> > - verifying sos build available since RHEL7.4 devel freeze (I will notify
> > about this)
> 
> forgot to raise needinfo

Will do.
Comment 11 Miroslav Hradílek 2017-05-24 15:00:26 UTC 
I can confirm the change in above mentioned PR is contained in the new plugin source. If there is no positive feedback from the customer I will verify this SanityOnly.

# diff -u old/BUILD/sos-3.3/sos/plugins/subscription_manager.py /usr/lib/python2.7/site-packages/sos/plugins/subscription_manager.py
--- old/BUILD/sos-3.3/sos/plugins/subscription_manager.py	2016-06-29 20:24:47.000000000 +0200
+++ /usr/lib/python2.7/site-packages/sos/plugins/subscription_manager.py	2017-05-22 22:40:13.000000000 +0200
@@ -29,6 +29,7 @@
         # rhsm config and logs
         self.add_copy_spec([
             "/etc/rhsm/",
+            "/var/lib/rhsm/",
             "/var/log/rhsm/rhsm.log",
             "/var/log/rhsm/rhsmcertd.log"])
         self.add_cmd_output([

# rpm -qf /usr/lib/python2.7/site-packages/sos/plugins/subscription_manager.py
sos-3.4-4.el7.noarch
Comment 12 Miroslav Hradílek 2017-06-15 11:04:51 UTC 
Verifying Sanity Only (based just on code). See comment 11.
Comment 13 errata-xmlrpc 2017-08-01 23:08:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2203